User "Patrick Nagel" posted a comment on MediaWiki.r89637. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/89637#c17852 Commit summary:
Initial commit of new extension Notificator Comment: Thanks for your advice, Nikerabbit. I gave it some more work now: * r89714: Removed wfLoadExtensionMessages() call, backwards-compatibility not needed, since this extension does not work with <1.17b1 anyway. Btw.: wfLoadExtensionMessages() is mentioned in http://www.mediawiki.org/wiki/Manual:Special_pages#The_Special_Page_File - maybe it should be mentioned there, that this call is no longer needed for extensions that don't need to be compatible with $old MW versions? * r89715: Changed $ngFromAddress init. Using $wgPasswordSenderName and $wgPasswordSender as default for $ngFromAddress. That fixes the register_globals vulnerability. * r89716: Replaced Notificator::checkEmailAddress() with MW's Sanitizer::validateEmail() * r89719: Switched to Notificator::checkEmailAddress() again, after discovering that Sanitizer::validateEmail() is not available in any released MW version; Lots of whitespace changes (ran stylize.php and limited line length to <100). [Should have done that in two commits, but it would have been a big hassle] About the "You need to do a lot more escaping of things you output into html" part - I think I had already escaped all user-provided input with htmlspecialchars(), what else needs to be done? _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
